diff --git a/nixos/22.05/capsul-init b/nixos/22.05/capsul-init
new file mode 100644
index 0000000..08595fd
--- /dev/null
+++ b/nixos/22.05/capsul-init
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+user=cyberian
+homedir="/home/$user"
+
+mkdir -p "$homedir/.ssh"
+chmod 700 "$homedir/.ssh"
+chown -R "$user:$user" "$homedir"
+
+mount -t iso9660 -o ro /dev/sr0 /mnt
+
+grep '\- ssh' /mnt/user-data | cut -d ' ' -f 8- > "$homedir/.ssh/authorized_keys"
+
+chmod 600 "$homedir/.ssh/authorized_keys"
+
+chown "$user" "$homedir/.ssh/authorized_keys"
+
+# set random forgotten password for cyberian and root
+pass="\$(head /dev/urandom | tr -dc a-z0-9 | head -c30)"
+echo "cyberian:\$pass" | chpasswd
+pass="\$(head /dev/urandom | tr -dc a-z0-9 | head -c30)"
+echo "root:\$pass" | chpasswd
+
+resize2fs /dev/vda2
+
+umount /mnt
+rm /root/capsul-init
diff --git a/nixos/22.05/configuration.nix b/nixos/22.05/configuration.nix
new file mode 100644
index 0000000..1f88205
--- /dev/null
+++ b/nixos/22.05/configuration.nix
@@ -0,0 +1,32 @@
+# this configuration is intended to give us ssh
+# access to the build machine
+
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ ];
+
+ # we always want nano & vim
+ environment.systemPackages = with pkgs; [
+ vim
+ nano
+ ];
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.device = "/dev/vda";
+ system.stateVersion = "22.05";
+
+ users.users.cyberian = {
+ isNormalUser = true;
+ };
+ users.users.root.password = "password";
+
+ services.openssh = {
+ enable = true;
+ permitRootLogin = "yes";
+ passwordAuthentication = true;
+ };
+}
diff --git a/nixos/22.05/final-configuration.nix b/nixos/22.05/final-configuration.nix
new file mode 100644
index 0000000..e8c9aa6
--- /dev/null
+++ b/nixos/22.05/final-configuration.nix
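Review bot: The password reset does not produce random passwords: in `pass="\$(head /dev/urandom | tr -dc a-z0-9 | head -c30)"` the backslash makes `\$` a literal dollar sign inside double quotes, so `pass` holds the text of the command rather than its output, and `echo "root:\$pass" | chpasswd` likewise hands chpasswd the literal string `$pass`, leaving root and cyberian with the same fixed, predictable password on every image built from this script. Drop the backslashes on all four lines, `pass="$(head /dev/urandom | tr -dc a-z0-9 | head -c30)"` and `echo "root:$pass" | chpasswd`, or lock both accounts outright with `passwd -l`, which matches the "forgotten password" intent of the comment. The script also runs without `set -e`, so a failed `mount` or an empty match in the grep pipeline writes an empty authorized_keys and still reaches `rm /root/capsul-init`, leaving a machine nobody can log into; `set -eu` after the shebang would make the unit fail visibly and keep the script for a retry instead. The `cut -d ' ' -f 8-` offset assumes a fixed layout of the `- ssh` line in user-data, which I cannot confirm from here.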
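Review bot: `users.users.root.password = "password"` together with `permitRootLogin = "yes"` and `passwordAuthentication = true` is the build credential packer.json logs in with, and nothing in this file marks it as build-time only; since final-configuration.nix sets no root password and NixOS accounts are mutable by default, I would expect this password to persist through `nixos-rebuild switch` and to be changed only when capsul-init runs on first boot. A comment above the password line, e.g. `# build-time only: the shipped image relies on capsul-init resetting this on first boot`, would make that dependency visible to whoever edits either file. The option's own documentation warns that `password` stores the literal in the world-readable Nix store, which is tolerable for a throwaway build generation only if that generation does not survive into the final image.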
@@ -0,0 +1,47 @@
+# this configuration is meant to be the final
+# handed over to the user
+
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ ];
+
+ # we always want nano & vi
+ environment.systemPackages = with pkgs; [
+ nano
+ vim
+ ];
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.device = "/dev/vda";
+ system.stateVersion = "22.05";
+
+ users.users.cyberian = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ };
+ security.sudo.wheelNeedsPassword = false; # We throw away the password but we still want root
+
+ services.openssh = {
+ enable = true;
+ passwordAuthentication = false;
+ };
+
+ # Feel free to remove this after first boot
+ # /root/capsul-init gets deleted after first run
+ systemd.services.capsul-init = {
+ enable = true;
+ path = [ pkgs.coreutils pkgs.e2fsprogs pkgs.shadow pkgs.mount pkgs.umount ];
+ unitConfig = {
+ ConditionPathExists = "/root/capsul-init";
+ };
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = "/root/capsul-init";
+ };
+ wantedBy = [ "multi-user.target" ];
+ };
+}
diff --git a/nixos/22.05/packer.json b/nixos/22.05/packer.json
new file mode 100644
index 0000000..e74b4f0
--- /dev/null
+++ b/nixos/22.05/packer.json
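Review bot: `passwordAuthentication = false` in the `services.openssh` block does not by itself stop password logins over SSH: NixOS runs sshd with PAM, and the keyboard-interactive method (`services.openssh.kbdInteractiveAuthentication`, the 22.05 name of `challengeResponseAuthentication`, if I recall the rename correctly) defaults to true, so account passwords can still be offered through that channel. Add `kbdInteractiveAuthentication = false;` beside it so only the keys that capsul-init installs into authorized_keys are accepted, which is what the comment on the sudo line says the hand-over intends. The unit itself looks right: `ConditionPathExists` plus the script's self-removal keeps it from re-running, though a condition that is not met skips the unit silently rather than failing it, so a missing `/root/capsul-init` leaves no trace in the journal beyond the skip.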
@@ -0,0 +1,91 @@
+{
+ "variables": {
+ "iso_url": "https://releases.nixos.org/nixos/22.05/nixos-22.05.1700.365e1b3a859/nixos-minimal-22.05.1700.365e1b3a859-x86_64-linux.iso",
+ "iso_checksum": "aa9eeb04a491a84036368a93545400d79d16d281d4b7a29979bbb4f8476f9b81",
+ "qcow2_image": "nixos-minimal-22.05-x86_64"
+ },
+ "provisioners": [
+ {
+ "type": "shell",
+ "script": "post-install.sh"
+ },
+ {
+ "type": "file",
+ "source": "configuration.nix",
+ "destination": "/mnt/etc/nixos/configuration.nix"
+ },
+ {
+ "type": "shell",
+ "inline": [
+ "nixos-install"
+ ]
+ },
+ {
+ "type": "file",
+ "source": "trigger-reboot",
+ "destination": "/tmp/trigger-reboot"
+ },
+ {
+ "type": "shell",
+ "inline": ["echo 'executing trigger-reboot...' && /tmp/trigger-reboot & exit 0"],
+ "expect_disconnect": true
+ },
+ {
+ "type": "shell",
+ "inline": ["echo 'reconnected after rebooting'"],
+ "pause_before": "30s"
+ },
+ {
+ "type": "file",
+ "source": "final-configuration.nix",
+ "destination": "/etc/nixos/configuration.nix"
+ },
+ {
+ "type": "shell",
+ "inline": [
+ "nixos-rebuild switch",
+ "rm -f /etc/ssh/*key*",
+ "printf '' > /etc/machine-id"
+ ]
+ },
+ {
+ "type": "file",
+ "source": "capsul-init",
+ "destination": "/tmp/capsul-init"
+ },
+ {
+ "type": "shell",
+ "inline": [
+ "mv /tmp/capsul-init /root/capsul-init",
+ "chmod +x /root/capsul-init"
+ ]
+ }
+ ],
+ "builders": [
+ {
+ "type": "qemu",
+ "headless": true,
+ "iso_url": "{{user `iso_url`}}",
+ "iso_checksum": "{{user `iso_checksum`}}",
+ "vm_name": "{{user `qcow2_image`}}.qcow2",
+ "cpus": 2,
+ "memory": 2048,
+ "disk_interface": "virtio",
+ "disk_size": 25600,
+ "disk_compression": true,
+ "disk_cache": "unsafe",
+ "http_directory": ".",
+ "boot_wait": "110s",
+ "boot_command": [
+ "sudo su",
+ "passwd root",
+ "password",
+ "password"
+ ],
+ "ssh_username": "root",
+ "ssh_password": "password",
+ "ssh_wait_timeout": "20m",
+ "shutdown_command": "shutdown"
+ }
+ ]
+}
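Review bot: The cleanup step that runs `"rm -f /etc/ssh/*key*"` and resets `/etc/machine-id` leaves the build-time system generation in place: `nixos-install` was run with configuration.nix, whose `users.users.root.password` literal ends up in the Nix store, and `nixos-rebuild switch` adds a new generation without deleting the previous one, so the shipped qcow2 most likely still carries that generation together with its GRUB entry. Appending `"nix-collect-garbage -d"` right after `"nixos-rebuild switch"` in that inline list would remove the old generation before the image is finalised. Regenerating host keys and the machine-id per instance is the right call; the same cleanup step is a natural place to also clear `/root/.bash_history` and `/tmp` if they are found to carry anything from the build session.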
diff --git a/nixos/22.05/post-install.sh b/nixos/22.05/post-install.sh
new file mode 100755
index 0000000..10c9843
--- /dev/null
+++ b/nixos/22.05/post-install.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+parted -s --align=none /dev/vda mktable gpt mkpart primary ext2 0 2MB mkpart primary ext2 2MB 100% set 1 bios_grub on
+mkfs.ext4 -L root /dev/vda2
+mount LABEL=root /mnt
+nixos-generate-config --root /mnt
diff --git a/nixos/22.05/trigger-reboot b/nixos/22.05/trigger-reboot
new file mode 100755
index 0000000..3c64e7b
--- /dev/null
+++ b/nixos/22.05/trigger-reboot
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+sleep 4
+reboot
diff --git a/nixos/OWNERS b/nixos/OWNERS
new file mode 100644
index 0000000..4f10b4f
--- /dev/null
+++ b/nixos/OWNERS
@@ -0,0 +1 @@
+@aynish:sealight.xyz
diff --git a/nixos/build b/nixos/build
new file mode 100755
index 0000000..f9f6d87
--- /dev/null
+++ b/nixos/build
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+cd $1
+packer build packer.json
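Review bot: The script has no `set -e`, so if `parted` fails (for instance because `/dev/vda` is not the disk the builder attached) the following `mkfs.ext4 -L root /dev/vda2` and `mount LABEL=root /mnt` still run against whatever is there, and the shell provisioner only sees the exit status of the last command, `nixos-generate-config`. Add `set -e` on the line after the shebang so the build aborts at the first failing step instead of producing a half-provisioned image.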
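Review bot: `cd $1` is unquoted and unchecked: with no argument or a nonexistent directory the `cd` prints an error and the script carries on to run `packer build packer.json` in the caller's current directory, which may be a different packer.json entirely. Use `cd "$1" || exit 1` (or `set -e` after the shebang) so the build only ever runs inside the requested release directory.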